Privacy statement of Member register

Privacy statement – Member register of Aalto Beer Pong ry

This privacy statement complies with the EU General Data Protection Regulation (GDPR).

1. Controller of the register

Aalto Beer Pong ry (ABP)

Jämeräntaival 6 C 319, 02150, Espoo

2. Person in charge of the register

Secretary Timo Norrkniivilä

[email protected]

3. Name of the register

Member register of Aalto Beer Pong ry

4. Legal basis and the purpose of gathering personal information

The legal basis for gathering personal information, complying with the EU GDPR, is the legitimate interest of the controller of the register.

The purpose of gathering personal information is the maintenance of a member register, required by the Associations Act (503/1989), and keeping the contact information of the members of the association to date.

5. Information in the register

The register will contain the following information:

  • Full name
  • Municipality of residence
  • Email address
  • School (If it is Aalto University: SCI/ENG/CHEM/ELEC/BIZ/ARTS)

The register does not contain information of people who are not members of the association. This information is removed within a reasonable timeframe when membership is terminated.

6. Regular sources of information

The information in the register comes from members who join or have already joined the association via online www forms or email.

7. Handing over information and transferring information outside of the EU or the EEA

The information in this register is not to be handed over to outside parties. The information is not to be handed over or stored outside the European Union or the European Economic Area.

8. Principles of protecting the register

The register is handled carefully. The information is stored only in electronic format, in trustworthy servers operated by third parties, which complies with the EU GDPR. The encryption of the register is done using own passwords of Aalto Beer Pong ry. The information is only available to authorized persons of Aalto Beer Pong ry. The controller of the register will ensure that access to the register is only limited to the appropriate individuals.

9. Right to check and request for corrections in the information

Each member who is in the register has the right to check their information that has been saved in the register and demand for corrections if any information is incorrect or missing. If the person wishes to see the information the register has on them or requests for a correction, the request must be sent to the controller of the register in writing. The controller of the register can ask the sender of the request to verify their identity or to specify the request. The controller of the register will answer the requesting party within the time limit

specified by the GDPR (primarily within one month).

10. Retention period of the information in the register

The register shall contain information only of people who are members of Aalto Beer Pong ry. Persons who quit or are expelled from the association will have their information removed from the register within a reasonable timeframe, at most within one month from the decision of expulsion or quitting. In special cases, the information of the registered person can be stored longer, in which case the registered person will be informed of the reason for the extension.